Bugtraq archives for 4th quarter (Oct-Dec) 1998: [Fwd: Strange auth bug] Netscape Communicator 4.0x?
[Fwd: Strange auth bug] Netscape Communicator 4.0x?
Guille (
guille
REDESTB.ES)
Fri, 13 Nov 1998 00:54:01 +0100
This is a multi-part message in MIME format.
--------------FB9233D6BBD57A1CA4027C29
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Forwarded from new-httpd apache list
--------------FB9233D6BBD57A1CA4027C29
Return-Path: <new-httpd-owner-guille=redestb.esapache.org>
Received: from finet0.redestb.es ([194.179.106.13]) by mx0.redestb.es
(post.office MTA v2.0 0813 ID# 0-12342) with ESMTP id AAA144
for <guilleredestb.es>; Wed, 11 Nov 1998 10:15:00 +0100
Received: from hyperreal.org ([209.133.83.16]) by finet0.redestb.es
(Post.Office MTA v3.1.2 release (PO205-101c) ID# 0-0U10L2S100)
with SMTP id AAA203 for <guilleredestb.es>;
Wed, 11 Nov 1998 09:32:35 +0100
Received: (qmail 116 invoked by uid 6000); 11 Nov 1998 08:38:41 -0000
Received: (qmail 106 invoked from network); 11 Nov 1998 08:38:39 -0000
Received: from smtp.lerdorf.on.ca (HELO sunlab.bellglobal.com) (199.243.250.75)
by taz.hyperreal.org with SMTP; 11 Nov 1998 08:38:39 -0000
Received: from collective.lerdorf.on.ca (collective.lerdorf.on.ca [207.164.141.23])
by sunlab.bellglobal.com (8.9.1/8.8.8) with ESMTP id DAA25263
for <new-httpdapache.org>; Wed, 11 Nov 1998 03:41:19 -0500 (EST)
Date: Wed, 11 Nov 1998 03:40:41 -0500 (Eastern Standard Time)
From: Rasmus Lerdorf <rasmuslerdorf.on.ca>
To: new-httpdapache.org
Subject: Re: Strange auth bug
In-Reply-To: <19981111084236.A29293engelschall.com>
Message-ID: <Pine.WNT.4.05.9811110325540.-108993helium.jetpen.com>
X-X-Sender: rasmusimap3.bellglobal.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: new-httpd-ownerapache.org
Precedence: bulk
Reply-To: new-httpdapache.org
X-Mozilla-Status2: 00000000
> Strange. When I pass this to a RFC2045 compliant base64 encode/decode function
> I get:
>
> | :> ./base64 encode 'tätär'
> | dOR05HI=
> | rseen1:/e/apache/SSL/trail
> | :>
> | :> ./base64 decode 'dOR05HI='
> | tätär
> | rseen1:/e/apache/SSL/trail
> | :>
>
> which looks more correct to me. So, are both Netscape and IE broken?
> Hmmm... confusing.
No, you forgot about the password. I was setting the username to "tätär"
*and* the password to "blah".
If I use a blank password and just set the username to tätär IE5 sends an
Authorization header of:
Basic dOR05HI6
And Netscape sends:
Basic dOR0
I tcpdumped the connection as well to eliminate the possibility that
Netscape might be sending an embedded \0 (which would still be a bug) and
it really only sends the above. There is nothing else on the wire.
Testing a bunch of them:
täten täten (ok)
töten töten (ok)
tüten tüten (ok)
tätär tät (error)
tütür tüt (error)
tötör töt (error)
tätärä tät (error)
tütürü tüt (error)
tötörö töt (error)
daß daß (ok)
ßad '' (emtpy string) (error)
TÜR TÜR (ok)
TÜRÜ TÜR (error)
österreich '' (empty string) (error)
äste '' (empty string) (error)
üst '' (empty string) (error)
Tabalugä Tabalugä (ok)
Taß_Kaffä Taß_Kaffä (ok)
Taßtä Taßtä (ok)
Taßä Taß (error)
röstän röstän (ok)
reloümä reloüm (error)
børge børge (ok)
øl '' (empty string) (error)
Ok, so the pattern emerges. More than 1 8-bit char in the string, or if
the first char of the string is an 8-bit char and Netscape's encoding
algorithm gets hopelessly confused.
You'd think all sorts of Scandinavians and Germans would have screamed
about this before though.
-Rasmus
--------------FB9233D6BBD57A1CA4027C29
Return-Path: <new-httpd-owner-guille=redestb.esapache.org>
Received: from finet0.redestb.es ([194.179.106.13]) by mx0.redestb.es
(post.office MTA v2.0 0813 ID# 0-12342) with ESMTP id AAA290
for <guilleredestb.es>; Wed, 11 Nov 1998 02:04:54 +0100
Received: from hyperreal.org ([209.133.83.16]) by finet0.redestb.es
(Post.Office MTA v3.1.2 release (PO205-101c) ID# 0-0U10L2S100)
with SMTP id AAA163 for <guilleredestb.es>;
Wed, 11 Nov 1998 01:58:33 +0100
Received: (qmail 27825 invoked by uid 6000); 11 Nov 1998 01:04:43 -0000
Received: (qmail 27815 invoked from network); 11 Nov 1998 01:04:37 -0000
Received: from smtp.lerdorf.on.ca (HELO sunlab.bellglobal.com) (199.243.250.75)
by taz.hyperreal.org with SMTP; 11 Nov 1998 01:04:37 -0000
Received: from collective.lerdorf.on.ca (collective.lerdorf.on.ca [207.164.141.23])
by sunlab.bellglobal.com (8.9.1/8.8.8) with ESMTP id UAA25127;
Tue, 10 Nov 1998 20:07:14 -0500 (EST)
Date: Tue, 10 Nov 1998 20:06:35 -0500 (Eastern Standard Time)
From: Rasmus Lerdorf <rasmuslerdorf.on.ca>
To: php-devlists.php.net
cc: new-httpdapache.org
Subject: Strange auth bug
Message-ID: <Pine.WNT.4.05.9811101958160.-225903helium.jetpen.com>
X-X-Sender: rasmusimap3.bellglobal.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: new-httpd-ownerapache.org
Precedence: bulk
Reply-To: new-httpdapache.org
X-Mozilla-Status2: 00000000
I am trying to track down a weird bug here. Just wondering if anybody has
run across something similar.
When I authenticate on a page using a user id of: tätär
and a password of: blah
IE sends an Authorization header which looks like this:
Basic dOR05HI6YmxhaA==
while Netscape sends:
Basic dOR0
What gives? Unless I missed something, this looks like a pretty basic
browser bug.
I am testing with Navigator 4.5 on Win98 and IE5.
-Rasmus
--------------FB9233D6BBD57A1CA4027C29--
